BitSight and Glass Lewis are partnering to include critical cybersecurity information – comprised of BitSight Security Ratings, data, and insights – with Glass Lewis’ Proxy Paper research reports. Information on 20,000+ companies will be included in an effort to help investors better understand how cybersecurity issues may affect their investments.
For more information about the strategic partnership, please refer to our joint press release.
BitSight is transforming the way that the global marketplace addresses cyber risk with cybersecurity ratings and analytics. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third-party risk; underwrite cyber insurance policies; conduct financial diligence; and improve national security. With 2,300 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings.
See all of BitSight's solutions here.
BitSight Security Ratings are a measurement of an organization’s security performance. Much like credit ratings, BitSight Security Ratings are generated through the analysis of externally observable data. Armed with daily ratings, organizations can proactively identify, quantify and manage cyber security risk throughout their ecosystem.
Unlike existing security assessment tools that examine a company’s policies or conduct periodic scans, BitSight continuously measures security performance based on evidence of compromised systems, diligence, user behavior, and data breaches to provide an objective, evidence-based measure of performance. This data-driven, outside-in approach requires no information from the rated entity. BitSight ratings specifically are correlated with financial performance and likelihood of data breaches to help organizations be as informed as possible when managing their cybersecurity.
As the framework for creating the methodology behind our ratings, BitSight uses the US Chamber of Commerce’s Principles for Fair and Accurate Security Ratings, which we helped develop.
BitSight Security Ratings range from 250 to 900. The higher the rating, the more effective the company is in implementing good security practices. BitSight Security Ratings are calculated using a proprietary algorithm that analyzes and classifies externally observable data. The ratings are generated based on four classes of data – compromised systems, diligence, user behavior, and data breaches.
For more information on how BitSight Security Ratings are calculated, download the complete Rating methodology overview.
BitSight does not require any information from, or participation by, an organization to generate a Security Rating. Security ratings are built on data from over 100 different sources. We collect much of the data ourselves, and we also work with numerous best-in-class data partners (many exclusive) who specialize in various types of telemetry. To date, we have collected petabytes of security relevant data and are adding billions of new observations every day.
BitSight does not engage in any hacking or any intrusive network penetration testing. Our collected data is externally observed from various sources on the public internet. It is available to anyone who chooses to collect it and has the technological capabilities to do so.
For more information on BitSight’s data collection methods, download the complete Rating methodology overview.
BitSight believes in the value of cybersecurity ratings because we know they represent more than just what’s happening within an attack surface. BitSight Security Ratings are independently verified to correlate with data breach risk and stock performance.
BitSight is the only Security Rating Service provider with a third-party validated correlation to breach. As validated by AIR Worldwide and IHS Markit, companies with a BitSight Security Rating of 500 or lower are almost five times more likely to suffer a breach than those with a rating of 700 or more.
For more information about how BitSight Security Ratings correlate to likelihood of data breach, download this data sheet.
BitSight’s research shows that organizations with a rating lower than 600 are 6.4 times more likely to be a ransomware victim compared to organizations with a rating of 750 or higher. Organizations with a rating between 600 and 650 are 4.6 times more likely.
Solactive, a German index engineering firm, found that companies in the top 25% of BitSight ratings performance outperform the Solactive benchmark index on stock returns by 1% to 7% with lower volatility.
Additionally, IHS Markit found that there is a causal relationship between a company’s cybersecurity readiness – manifested in a higher BitSight / IHS Markit rank – and its equity performance. Per their research, the 37 highest performers with a top rank of 1 offered more attractive valuation multiples than the 35 businesses that were ranked at the bottom.
BitSight Security Ratings are updated daily.
BitSight offers a number of solutions specifically tailored for investors with varying degrees of data granularity to suit your needs.
Available via the BitSight platform, BitSight for Investment Due Diligence enables investors to continuously monitor the cybersecurity performance of their holdings. Access includes daily security ratings and associated data, along with insights into security incidents, diligence, and user behavior for the past year. Additionally, investors can compare security performance between a monitored company and a peer group to put the monitored company's security performance into a larger context.
For those who prefer to consume raw Rating and risk vector level data only, BitSight Security Ratings are also available via alternative data offerings from our Strategic Partners, IHS Markit and S&P Global.